GROUP MEMBERS

Abdullah Rashid Baig Adnan Haider Muhammad Zakria Muhammad Zeeshan Khan 10-Arid-270 11-Arid-803 11-Arid-829 11-Arid-843

It is derived from the Greek words kruptos means secret and graphia means writing. So cryptography means secret writing. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. It is the science of analyzing and breaking secure communication.

Cryptography has long history. Actually dating back to the time of Julius Caesar. When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the shift by 3 rule could decipher his messages .

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key, a word, number, or phrase to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem . Cryptosystem is a system comprised of cryptographic algorithms, all possible plain text, cipher text, and keys. PGP is a cryptosystem.

PGP is an application and protocol for secure e-mail and file encryption developed by Phil R. Zimmermann. Originally published as Freeware, the source code has always been available for public scrutiny. PGP uses a variety of algorithms, like IDEA, RSA, DSA, MD5, SHA-1 for providing encryption, authentication, message integrity, and key management.

Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable text called cipher text.

The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password. It is the reverse process of encryption. The process of reverting cipher text to its original plaintext is called decryption.

Unscrambled information to be transmitted. It could be a simple text document, a credit card number, a password, a bank account number or sensitive information such as payroll data, personnel information, or a secret formula being transmitted between organizations.

The result of strong cryptography is cipher text that is very difficult to decipher without possession of the appropriate decoding tool. The result of manipulating characters or bits via substitution transposition, or both.

 Substitution Cipher
A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet.

Transposition Cipher
It is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the cipher text constitutes a permutation of the plaintext. That is, the order of the units is changed. Mathematically a bijective function is used on the characters' positions to encrypt and an inverse function to decrypt.

 block Cipher
Block ciphers encrypt the information by breaking down into blocks. The blocks are of fixed size commonly of 64 bits.

Stream Cipher
Stream ciphers encrypt the bits of information one at a time. These are faster and smaller to implement than Block Ciphers. Stream ciphers operate on 1-bit of data at a time. If the same key stream is used, attacks may cause the information to be revealed.

 Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos meaning "covered or protected ", and graphia meaning "writing".

A mathematical value, formula or process that determine how a plaintext message is encrypted or decrypted. The key is the only way to decipher the scrambled information.

Two Types of Keys

Secret Key Cryptography (SKC). Public Key Cryptography (PKC).

In secret key cryptography, a single key is used for both encryption and decryption. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Secret key is also called symmetric encryption.

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met. The publicly available component of an integrated asymmetric key pair often referred to as the encryption key.

A hash function takes variable-length input in this case, a message of any length, even thousands or millions of bits and produces a fixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way even by just one bitan entirely different output value is produced. A function that produces a message digest that cannot be reversed to produced the original.

Advantages
The biggest advantage of public key cryptography is the secure nature of the private key. In fact it never needs to be transmitted or revealed to anyone. Another type of benefit of public key cryptography is that is provides a method for employing digital signatures. It enables the use of digital certificates and digital timestamps, which is a very secure technique of authorization .We will look at digital timestamps and digital signatures in a moment.

disAdvantages
Transmission time for documents encrypted public key cryptography are significantly larger than symmetric cryptography. In fact transmission of very large documents is prohibitive. The key sizes must be significantly larger than symmetric cryptography to achieve the same level of protection.

Public key cryptography is susceptible to impersonation attacks.

 Confidentiality (secrecy)
Only the sender and intended receiver should be able to understand the contents of the transmitted message.

Authentication
Both the sender and receiver need to confirm the identity of other party involved in the communication

Data integrity
The content of their communication is not altered, either maliciously or by accident, in transmission.

Digital signatures enable the recipient of information to verify the authenticity of the informations origin, and also verify that the information is intact. A digital signature also provides nonrepudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. These features are every bit as fundamental to cryptography as privacy, if not more. A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.

 Availability
Timely accessibility of data to authorized entities.

Non-repudiation

An entity is prevented from denying its previous commitments or actions.

Access control
An entity cannot access any entity that it is not authorized to

Anonymity
The identity of an entity if protected from others.

What is a passphrase?
A passphrase is a longer version of a password, and in theory, a more secure one. Typically composed of multiple words, a passphrase is more secure against standard dictionary attacks, wherein the attacker tries all the words in the dictionary in an attempt to determine your password. The best passphrases are relatively long and complex and contain a combination of upper and lowercase letters, numeric and punctuation characters. Your private key is totally and absolutely useless without your passphrase.

Viruses and Trojan horses

Attack could involve a specially tailored hostile computer virus or worm that might infect PGP or your operating system. This hypothetical virus could be designed to capture your passphrase or private key or deciphered messages and to covertly write the captured information to a file or send it through a network to the viruss owner.

Even if the attacker cannot read the contents of your encrypted messages, he may be able to infer at least some useful information by observing where the messages come from and where they are going, the size of the messages, and the time of day the messages are sent. This is analogous to the attacker looking at your long-distance phone bill to see who you called and when and for how long, even though the actual content of your calls is unknown to the attacker. This is called traffic analysis.

A kind of attack that has been used by well-equipped opponents involves the remote detection of the electromagnetic signals from your computer.

A calculated brute force attack to reveal a password by trying obvious and logical combinations of words.